fraud_reportswikiaorg-20200214-history
Herbal King
Description Alias V.E.P. Virility Enlarge Pills, Power Gain+, MaxGain+, MaxGain, VPXL, Express Herbals, Elite Herbal, MaxHerbal, and Herbal King, MaxGentleman, Dr.MaXman among others, this is a highly spammed website. This is the product analyzed by the BBC's Simon Cox in a report on his radio show "The Investigation." [http://news.bbc.co.uk/2/hi/uk_news/magazine/7140449.stm bbc.co.uk: Super scam me, Dec. 13, 2007]. The tablets Cox had analyzed as part of his investigation contained no active ingredients. (Since there is no product known to increase penis size in males who have reached sexual maturity, it hardly matters.) Often the spam emails only contain domain names that redirect to a destination site, such as ebaygods.com, where victims are defrauded through sale and delivery (or sometimes nondelivery) of fake drugs, and appropriation of their personal details for use in future fraud. MaxGain+ exploits many different methods of redirections to try to escape detection. Geographical locations are India and Hong Kong. Samples of the spam ManXL subject: Is yours Below 5 Innches Long? Here's latest "ManXL" formula has been proven to add inches to the sizes while multiplying orgasms like never had before. Our products is light years ahead of our competitors which has millions of happy users. Check us out..You won't regret. http:(domain deleted by Spamwiki admin) MegaDik subject: To get the best possible results we recommend using the program for at least four months. No, MegaDik Pills do not cause any known adverse side effects. http://ealyon.com to Elite Herbal Manster subject: 60 Pills Of Manster = 1 Months Supply When should you stop taking Manster Pills? http://dizimos.com to Elite Herbal Combination spam This shows multiple different spam operations all linked together in the one spam Add some inches fast, safe and effective as seen on NBC and prooven to work 100% ... http://csmo.net to Herbal King Have you ever wished you ejaculate like a porn star? Now you can... http://chrk.net to Wondercum Wish you could rock her world all night long? Now you can.. http://cdjw.net to Vigramax Sounds like a dream? Turn that dream to reality with this personal device.. http://ctmay.com to Personal Pussy If a relaxing moment turns into the right moment, will you be ready? http://minjkirrreat.com/ to [[ED Pill Store]] Lose weight Fast! Certified 100% Pure South African Hoodia.. http://uacor.com (Hoodia Gordonii) Get $500 Free.. http://staunbrad.com/micro/7 to Mint Las Vegas Have you ever wished you ejaculate like a porn star? Now you can.. http://thonr.com to WonderCum Add some inches fast, safe and effective as prooven on NBC Dateline to work 100% ... http://csmo.net to Herbal King Did you ejaculate before or within a few minutes of penetration? Help is here... http://buoon.com to Extra Time Wish you could rock her world all night long? Now you can.. http://cgide.com to Vigramax If a relaxing moment turns into the right moment, will you be ready? http://ezurozven.com to [[ED Pill Store]] Subject: MegaDik.. do you have 10 inches? Maybe You want enlarge him tracking code munged This example contains both MegaDik and Manster references. Dear victim@example.com http://kazmway.com/w.php Do you want Enlarge your Penis? t Gain 3+ Inches In Length. 100% Money Back Guarantee. t *3 FREE Bottles Of ManSter !! http://kazmway.com/w.php Thanks Mary Anniston victim@example.com wrote: > > MegaDik.. do you have 10 inches? Maybe You want enlarge him tracking code munged- out me now http://kazmway.com/w.php History The following announcement was published on an online forum to recruit new spammers: Post Posted: Sun Apr 22, 2007 8:54 am Post subject: New RX pharmacy WE NOW have online pharmacy take a look ......ablepharmacy.com Payments are every Thursday like clockwork, no delays or arrays Our "Low Price Pharmacy Store" design sports a professional array of pharmaceuticals. This is definatly (sic) our top converting website. Other product: herbal fleshlight enlargement pills very popular sextoy hoodia cum pills msg me with a valid email for an account The sample site quoted, ablepharmacy.com was registered by person: Eduardo Macias organization: TOLMEN STAR ENTERPRISES LTD email: admin@querendamx.com address: Querenda No. 353, Fracc. Bosque Camelinas city: Michoacan postal-code: 58290 country: MX phone: +52.443655187 The registrar who accepted this criminal spammer's contract for domain name registration was Domain Name: ABLEPHARMACY.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM To this day, this criminal spammer still uses many registered domains which are widely spammed. The registrar who is still accepting his contracts for registrations under the same registrant details is COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Other fake company names that are a "fingerprint" for these registrations include * Chang Limited *Black Network Inc *Etty Productions Limited *Gutierrez Ventures *Liquid Ventures Inc *Miura Promotions LLC *Mohamed Ventures Limited *Optin Media Inc *Pump It Productions *Tolmen Star Enterprises Ltd *Tufa Corporation *Xinyu Inc *Zhou Ventures Ltd Any registration from these false companies constitutes sufficient evidence for any law abiding registrar to suspend the domain. * The registered domains may have a redirect to a central site, such as herbal-kings.net or aplusherbals.com or elite-herbals.com or ezherbals.com * Typically the spammed domains are registered with CSL Computer Service LANGENBACH GMBH (www.joker.com) * The name servers (eg ns1.b12dns.com ns2.b12dns.com ns3.b12dns.com ns1.sacodns.com ns2.sacodns.com ns1.centdns1.com ns2.centdns1.com ns1.maindns4.com ns2.maindns4.com ns1.gzrealm.com ns2.gzrealm.com) are registered with CSL (www.joker.com) * The redirected domains herbal-kings.net aplusherbals.com elite-herbals.com ezherbals.com ezherbals.net are registered with CSL (www.joker.com) MaxGain+ Domain Name: HINTEIRA.COM Registrar: XIN NET TECHNOLOGY CORPORATION Whois Server: whois.paycenter.com.cn Referral URL: http://www.xinnet.com Name Server: NS1.NS-EARTHLING.COM Name Server: NS2.NS-EARTHLING.COM Billing Contact: Li Ming NO.38,YongFeng street,Tianchange City,Anhui Province Tianchange Anhui 239355 CN tel: 2400568 fax: 2400568 yayun22@163.com Domain Name: ELITE-HERBALS.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.CENTDNS1.COM Name Server: NS2.CENTDNS1.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Jason Poon organization: Black Network INC Domain Name: HERBAL-KINGS.NET Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.MAIN-DNS3.COM Name Server: NS2.MAIN-DNS3.COM Name Server: NS3.MAIN-DNS3.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Eduardo Macias organization: TOLMEN STAR ENTERPRISES LTD Domain Name: APLUSHERBALS.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.MAINDNS4.COM Name Server: NS2.MAINDNS4.COM Name Server: NS3.MAINDNS4.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Eduardo Macias organization: TOLMEN STAR ENTERPRISES LTD Domain Name: EZHERBALS.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.GZREALM.COM Name Server: NS2.GZREALM.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Jason Poon organization: Black Network INC Domain Name: ACTIONHERBALS.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.GZREALM.COM Name Server: NS2.GZREALM.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Jason Poon organization: Black Network INC Domain Name: TEXENMET.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.JDNS2008.COM Name Server: NS2.JDNS2008.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Before and After Photos Most of these sites attempt to convince visitors their products are effective by showing "before" and "after" photos of male genitalia. Anyone with photo manipulation software can create realistic appearing photos of unrealistically large anatomy. That type of photo manipulation is commonly done for porn images. Men should not accept photographs as evidence that anyone with genitalia that size exist, let alone that they got that way from using one of these products. An example based on a real image from one of these spamvertised sites is at http://spamtrackers.eu/wiki/index.php/Image:Beforeafter.jpg (image alert: this is an image of nude male genitalia) How to Report this Spam Generally, the most effective way to demand that registrars cancel their illegal contracts with criminals is to use the tool provided for Windows users at Complainterator. If the registrar is CSL, however, be aware that they refuse to act on email complaints, so you can ignore the mandatory ICANN registered email address at info@nrw.net. At www.joker.com click on Register. Become a registered client. Once registered, you can log in and fill out a complaint form. * Register at www.joker.com * Login as a registered user * Select "Support/Contact" * Select "Report spammers/phishing" * Fill in the relevant CSL registered spammed domain or its name server * Fill in the complaint with links to evidence Note that you can generate the text of the complaint using Complainterator and copy/paste it into the web page. Related Spams See also PowerEnlarge, LNHSolutions, King Replicas relationships * Herbal King * Express Herbals * Vigramax (vigramax.net) * Hoodia Gordonii (leanwithhoodia.com) * MaxHerbal * VPXL see Canadian Healthcare * MaxGain+ These # use the same name servers # are registered at the same time # use the same registrar # use the same redirection Evidence Registrations of all three types under same name servers, extracted from http://rss.uribl.com/ns/b12dns_com.html # Domain Date/Time Added #1 aaopc.net Sun, 01 Apr 2007 05:10:16 +0000 #2 abaud.com Sat, 31 Mar 2007 21:09:50 +0000 #3 cifab.net Fri, 30 Mar 2007 08:44:00 +0000 #1 aaopc.net Wed, 21 Mar 2007 13:28:57 +0000 #2 ajsic.net Mon, 19 Mar 2007 10:44:03 +0000 #3 afhti.net Mon, 19 Mar 2007 10:42:28 +0000 #4 afloe.net Mon, 19 Mar 2007 09:54:31 +0000 #1 cgfile.net Mon, 19 Feb 2007 00:30:54 +0000 #2 brightboss.com Sun, 18 Feb 2007 22:41:54 +0000 #3 acmtc.net Sun, 18 Feb 2007 21:08:42 +0000 #4 ansign.net Sun, 18 Feb 2007 14:25:02 +0000 #5 calldoun.com Sun, 18 Feb 2007 14:24:06 +0000 #6 myane.net Sun, 18 Feb 2007 12:32:41 +0000 #7 aoam.net Sun, 18 Feb 2007 11:16:50 +0000 #8 alusan.net Sun, 18 Feb 2007 07:53:12 +0000 #9 aboyn.net Sun, 18 Feb 2007 05:39:16 +0000 #10 ndcuk.com Sun, 18 Feb 2007 01:39:47 +0000 #11 aaums.net Sat, 17 Feb 2007 22:49:27 +0000 #12 callatree.com Sat, 17 Feb 2007 14:25:17 +0000 #13 brianyzip.com Sat, 17 Feb 2007 11:08:00 +0000 #14 yurho.com Sat, 17 Feb 2007 08:15:35 +0000 #15 aaopc.net Fri, 16 Feb 2007 06:36:49 +0000 Other name servers used by the same family include * ns1.masterkeydns1.com ns2.masterkeydns1.com ClientHold * ns1.master22.com ns2.master22.com hold * ns1.master67.com ns2.master67.com * ns1.ceechongsu.com ns2.ceechongsu.com * ns1.chechiewaz.com ns2.chechiewaz.com * ns1.chechiewaz2.com ns2.chechiewaz2.com * ns1.chechiewaz67.com ns2.chechiewaz67.com Beijing Innovative Linkage Technology Redirection web sites belonging to this family and resolved by those name servers include * a1-herbals.com - removed * herbalonez.com Beijing Innovative Linkage Technology * allrxonline.net - removed * fastedstore.com CSL Computer Service / joker.com * vigramax-pills.com CSL Computer Service / joker.com * xtrasize-plus.com Beijing Innovative Linkage Technology * ewondercum.net CSL Computer Service / joker.com * elitereplicas.biz CSL Computer Service / joker.com The same name servers resolve domains that land on * Herbal King aka Elite Herbals aka Express Herbals * Pharma Shop * Reliable Pharmacy * SwissWatchesDirect * NaturaSlim Hoodia * Online Replica Collection,handbags,Watches,shoes,pens.. Redirections As at February 2008 Target site of many spammed site redirections. The current formula is a redirection based on the first character to the subdomain name: * a*.domain.tld: pdandotherb.com (shut down) * b*.domain.tld: ageshell.com (Canadian Pharmacy) * c*.domain.tld: wehelpyounow.com/clothes/ (shut down) * d*.domain.tld: wehelpyounow.com/freepenispill/ (shut down) * g*.domain.tld: fqa34s2.com (US Pharmacy) * h*.domain.tld: diet350.info (100% Pure Hoodia Gordonii Pills) * i*.domain.tld: iakospro.com (VPXL) affiliate ID 2515592000 * k*.domain.tld: ideaexciting.com (US Pharmacy) * p*.domain.tld: iakospro.com (VPXL) affiliate ID 2515592000 * r*.domain.tld: keogbw.net (SwissWatchesDirect) * s*.domain.tld: parpower.com (VPXL) affiliate ID 2515592000 * t*.domain.tld: flutteoi.com (Replica Store) affiliate ID 3508239664 * v*.domain.tld: wehelpyounow.com/vm/ (shut down) Before February 2008 Spammed sites: * b'bdw.knshallwe.com * '''b'zvun.knshallwe.com * 'b'hcisf.knshallwe.com * 'd'qpl.knshallwe.com * 'd'jtwd.knshallwe.com * 'k'pwi.knshallwe.com * 'k'mfvnu.knshallwe.com * 'k'kjsp.knshallwe.com * 'r'hlybg.knshallwe.com * 'r'xtm.knshallwe.com * 'r'utdkl.knshallwe.com This one domain redirects to multiple different scams. # Prefix letter '''A = Elite Herbals on saverxp.org which was not operational from Sept 2007. In December it redirected to samolsen.com # Prefix letter B''' = Reliable Pharmacy redirected to onlinequalitypills.com dns.com.cn, subsequently to jumewa.com - Global Pharmacy # Prefix letter '''C = redirected to hoodiastoresale.com - Naturaslim Hoodia - 100% Pure Hoodia Gordonii Diet Pills , subsequently to Dolce & Gabbana .. Designer Fashion Clothing # Prefix letter D''' = Herbal King redirected to samsege.com / Joker, subsequently to wehelpyounow.com/freepenispill/ - ManXL # Prefix letter '''K = Pharma Shop redirected to r2.rx-shop.biz subsequently to r2.pharm-shop.biz INTERNET # Prefix letter R''' = SwissWatchesDirect redirected to einison.net or pornogh.net or azfuek.net CORP # Prefix letter '''S = Wondercum redirected to fozip.com subsequently to parpower.com # Prefix letter T''' = redirected to getthasteppin.com which was not operational as at Sept 2007, subsequently in December to wehelpyounow.com/su/ SizeUp. # Prefix letter '''V = redirected to wehelpyounow.com/vm/ Vigramax The switching is achieved on a redirector that announces itself upon connection thus HTTP/1.1 302 Found Date: Tue, 03 Dec 2007 20:17:21 GMT Server: Apache/2.0.59 (FreeBSD) PHP/4.4.7 with Suhosin-Patch X-Powered-By: PHP/4.4.7 and a redirection in the form Location: http://wehelpyounow.com/su/ Sponsor Organization SanCash (in early 2008 known as "Etranzmu", the underground sponsor affiliate program related to GenBucks) is the sponsor organization behind this type of site. They pay spammers to promote it, and they don't shut down illegal spammers. Category:Well-known Spam Category:Pharma spam